Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30

Dotzero <dotzero@gmail.com> Mon, 01 April 2024 12:54 UTC

Return-Path: <dotzero@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ADBFC14F6F3 for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2024 05:54:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G06T56PeHxeh for <dmarc@ietfa.amsl.com>; Mon, 1 Apr 2024 05:54:50 -0700 (PDT)
Received: from mail-vs1-xe33.google.com (mail-vs1-xe33.google.com [IPv6:2607:f8b0:4864:20::e33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF368C14F6E4 for <dmarc@ietf.org>; Mon, 1 Apr 2024 05:54:50 -0700 (PDT)
Received: by mail-vs1-xe33.google.com with SMTP id ada2fe7eead31-4785c788ba6so330019137.0 for <dmarc@ietf.org>; Mon, 01 Apr 2024 05:54:50 -0700 (PDT)
X-Received: by 2002:a67:fbc7:0:b0:476:9fde:7886 with SMTP id o7-20020a67fbc7000000b004769fde7886mr4823974vsr.18.1711976089553; Mon, 01 Apr 2024 05:54:49 -0700 (PDT)
MIME-Version: 1.0
References: <eda55c54-c149-475c-8117-bfdf3885a883@tekmarc.com> <20240331180009.F36CD8687B50@ary.qy> <CAOZAAfP9tXi80Fi=ZkgPpGwHo1fDbdSOZwVcnuPDbbc2xQd-7A@mail.gmail.com> <lIU60SB3NeCmFAG+@highwayman.com> <CAL0qLwZt+bo4ydCVOQbfg6bQEv-ufXrrwr8Aege9Wsv7LgH=kA@mail.gmail.com> <CAOZAAfPtxdBwEthN26cgvAnAbQ70wym+2k0WjtKqNVf44=-vMg@mail.gmail.com> <MN2PR11MB435115B7428C63C1B1058D9EF73F2@MN2PR11MB4351.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB435115B7428C63C1B1058D9EF73F2@MN2PR11MB4351.namprd11.prod.outlook.com>
From: Dotzero <dotzero@gmail.com>
Date: Mon, 01 Apr 2024 08:54:38 -0400
Message-ID: <CAJ4XoYfmyDykZGm9Gb1bxjz=pW_scqon3pDv-DRGHjFrnyCLoQ@mail.gmail.com>
To: "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ae964d0615087ee1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/GH41I5Ahiannol4LIsoYxrT5dhk>
Subject: Re: [dmarc-ietf] SPF follies, WGLC editorial review of draft-ietf-dmarc-dmarcbis-30
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
X-List-Received-Date: Mon, 01 Apr 2024 12:54:55 -0000

On Mon, Apr 1, 2024 at 8:18 AM Brotman, Alex <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:

> One item left out of Seth’s text is that due to MBPs who act in this
> fashion, these SPF evaluation failures will (understandably) not show up in
> DMARC reports, and the domain owner may not have visibility for these
> failures.  However, the text also puts the onus on the domain owner instead
> of the MBP.  The text could be altered to instead suggest that MBPs who
> deploy DMARC should not utilize the outcome of SPF in this fashion.  If the
> domain owner wants to protect their domain, and has no idea if the MBP
> supports DMARC properly (presuming they also have an enforcing policy), is
> it more or less advisable to use “-all” with your SPF record?
>
> I’d be curious to see the Venn diagram of MBPs who implement SPF in this
> fashion, and also fully support DMARC.  I feel like the MBPs who I’ve
> encountered deploying an SPF check in this way had not at the time
> supported DMARC.
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast

I was just thinking along these lines and was going to post but you beat me
to the punch.

+1

Michael Hammer